
Infected but not sure what with [RESOLVED]

ally0000

Posted 23 May 2008 - 12:35 AM

Hi All,

If someone is able to help, that would be great. I can't face a re-install as I have a 10 day old daughter at home and a frazzled wife. A few days ago I noticed a bubble saying 'Automatic Updates are disabled' but was unable to re-enable them; I wasn't too bothered at the time. Then later on all these pop-ups started. I have Norton Anti-virus corporate edition V10 and Windows Defender on my PC, as well as being behind a Netgear router (with NAT) and a Zone Alarm firewall.

I downloaded Malwarebytes, Spyware Doctor, Ad-aware and spybit but nothing would clean it.

Any help would be really appreciated. I've read a few posts in this forum and I am going to include logs from Hijack this, DSS and combofix.

Event Record #/Type1526 / Warning

Event Submitted/Written: 05/22/2008 09:06:14 PM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3526 / Warning

Event Submitted/Written: 05/22/2008 09:18:45 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:%XPS1530275

Scan ID: {C12AA490-A10F-4F9F-9E8A-3B6A8B4D4D30}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3525 / Warning

Event Submitted/Written: 05/22/2008 09:18:45 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:%XPS1530275

Scan ID: {C3565946-7BE8-4579-BFB0-C49888B1F11A}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3524 / Warning

Event Submitted/Written: 05/22/2008 09:18:45 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:%XPS1530275

Scan ID: {B9CC8D0A-DFC9-4F69-8109-24498D56981C}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3523 / Warning

Event Submitted/Written: 05/22/2008 09:18:42 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:%XPS1530275

Scan ID: {F29102E5-4BB6-4EA5-8898-B7896655F15B}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3522 / Warning

Event Submitted/Written: 05/22/2008 09:18:42 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:%XPS1530275

Scan ID: {D1338A44-F335-43E3-A107-A57739796EA5}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-05-22 21:18:59 ------------

================================================================================================================================================

DSS Main.txt

Deckard's System Scanner v20071014.68

Run by Administrator on 2008-05-22 21:17:52

Computer is in Normal Mode.

--------------------------------------------------------------------------------